Shahar Havivi has uploaded a new change for review.

Change subject: ui: remove Escape characters for TextBoxLabel
ui: remove Escape characters for TextBoxLabel

The reason that we use: SafeHtmlUtils.htmlEscape(renderedText); is to prevent JavaScript code injection such as <script> etc. It looks like the control is already safe rendering (tested with <script>, <b> and <h1>). Without removing this line it renders <>,. as their escaped value.

Change-Id: I2e303decb9395fcf193e874b4ae55ab076ec0bba
Bug-Url: https://bugzilla.redhat.com/1113499
Signed-off-by: Shahar Havivi <shah...@redhat.com>
---
M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/label/TextBoxLabel.java
1 file changed, 1 insertion(+), 4 deletions(-)

git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/92/29292/1

diff --git a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/label/TextBoxLabel.java b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/label/TextBoxLabel.java index 26d9f8d..bfece31 100644 --- a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/label/TextBoxLabel.java +++ b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/label/TextBoxLabel.java @@ -1,14 +1,12 @@ package org.ovirt.engine.ui.common.widget.label; -import org.ovirt.engine.ui.common.widget.renderer.EmptyValueRenderer; - import com.google.gwt.core.client.Scheduler; import com.google.gwt.core.client.Scheduler.ScheduledCommand; import com.google.gwt.event.dom.client.BlurEvent; import com.google.gwt.event.dom.client.BlurHandler; import com.google.gwt.event.dom.client.FocusEvent; import com.google.gwt.event.dom.client.FocusHandler; -import com.google.gwt.safehtml.shared.SafeHtmlUtils; +import org.ovirt.engine.ui.common.widget.renderer.EmptyValueRenderer; public class TextBoxLabel extends TextBoxLabelBase<String> { 
@@ -19,7 +17,6 @@ @Override public String render(String value) { String renderedText = super.render(value); - renderedText = SafeHtmlUtils.htmlEscape(renderedText); return renderedText; } });
--
To view, visit http://gerrit.ovirt.org/29292
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2e303decb9395fcf193e874b4ae55ab076ec0bba
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Shahar Havivi <shav...@redhat.com>
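
Review bot: In the import hunk (@@ -1,14 +1,12 @@), the org.ovirt.engine.ui.common.widget.renderer.EmptyValueRenderer import is moved from the top of the block to below the com.google.gwt imports, which is unrelated to the escaping fix. Leave it where it was so the hunk only removes the now-unused com.google.gwt.safehtml.shared.SafeHtmlUtils import, or do the reordering in a separate formatting change.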
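
Review bot: In the render() hunk (@@ -19,7 +17,6 @@), nothing left in the code records why the value no longer needs escaping, and the override is reduced to returning super.render(value) through a temporary. Add a short comment stating that this renderer's output is displayed as plain text and must not be reused where the string is inserted as HTML, since the commit message's safety claim rests on manual testing with <script>, <b> and <h1>. Then simplify the body to `return super.render(value);`, or drop the override if the anonymous renderer overrides nothing else.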